- 20 Mar, 2020 1 commit
-
-
Jason A. Donenfeld authored
Prior, passing in chunks of 2, 3, or 4, followed by any additional chunks would result in the chacha state counter getting out of sync, resulting in incorrect encryption/decryption, which is a pretty nasty crypto vuln: "why do images look weird on webpages?" WireGuard users never experienced this prior, because we have always, out of tree, used a different crypto library, until the recent Frankenzinc addition. This commit fixes the issue by advancing the pointers and state counter by the actual size processed. It also fixes up a bug in the (optional, costly) stride test that prevented it from running on arm64. Fixes: b3aad5ba ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function") Reported-and-tested-by:
Emil Renner Berthing <kernel@esmil.dk> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org # v5.5+ Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
- 05 Mar, 2020 1 commit
-
-
Jason A. Donenfeld authored
Some older version of GAS do not support the ADX instructions, similarly to how they also don't support AVX and such. This commit adds the same build-time detection mechanisms we use for AVX and others for ADX, and then makes sure that the curve25519 library dispatcher calls the right functions. Reported-by:
Willy Tarreau <w@1wt.eu> Signed-off-by:
-
- 14 Feb, 2020 1 commit
-
-
Jason A. Donenfeld authored
This code assigns src_len (size_t) to sl (int), which causes problems when src_len is very large. Probably nobody in the kernel should be passing this much data to chacha20poly1305 all in one go anyway, so I don't think we need to change the algorithm or introduce larger types or anything. But we should at least error out early in this case and print a warning so that we get reports if this does happen and can look into why anybody is possibly passing it that much data or if they're accidently passing -1 or similar. Fixes: d95312a3 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine") Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org # 5.5+ Signed-off-by:
Ard Biesheuvel <ardb@kernel.org> Signed-off-by:
-
- 13 Feb, 2020 1 commit
-
-
Hongbo Yao authored
If CRYPTO_DEV_CCP_DD=m and AMDTEE=y, the following error is seen while building call.c or core.c drivers/tee/amdtee/call.o: In function `handle_unload_ta': call.c:(.text+0x35f): undefined reference to `psp_tee_process_cmd' drivers/tee/amdtee/core.o: In function `amdtee_driver_init': core.c:(.init.text+0xf): undefined reference to `psp_check_tee_status Fix the config dependency for AMDTEE here. Reported-by:
Hulk Robot <hulkci@huawei.com> Fixes: 757cc3e9 ("tee: add AMD-TEE driver") Signed-off-by:
Hongbo Yao <yaohongbo@huawei.com> Reviewed-by:
Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by:
-
- 05 Feb, 2020 1 commit
-
-
Jason A. Donenfeld authored
The library code uses CRYPTO_MANAGER_DISABLE_TESTS to conditionalize its tests, but the library code can also exist without CRYPTO_MANAGER. That means on minimal configs, the test code winds up being built with no way to disable it. Signed-off-by:
-
- 22 Jan, 2020 23 commits
-
-
Ard Biesheuvel authored
When the ARM accelerated ChaCha driver is built as part of a configuration that has kernel mode NEON disabled, we expect the compiler to propagate the build time constant expression IS_ENABLED(CONFIG_KERNEL_MODE_NEON) in a way that eliminates all the cross-object references to the actual NEON routines, which allows the chacha-neon-core.o object to be omitted from the build entirely. Unfortunately, this fails to work as expected in some cases, and we may end up with a build error such as chacha-glue.c:(.text+0xc0): undefined reference to `chacha_4block_xor_neon' caused by the fact that chacha_doneon() has not been eliminated from the object code, even though it will never be called in practice. Let's fix this by adding some IS_ENABLED(CONFIG_KERNEL_MODE_NEON) tests that are not strictly needed from a logical point of view, but should help the compiler infer that the NEON code paths are unreachable in those cases. Fixes: b36d8c09 ("crypto: arm/chacha - remove dependency on generic ...") Reported-by:
Russell King <linux@armlinux.org.uk> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Horia Geantă authored
Add support for the crypto engine used in i.mx8mp (i.MX 8M "Plus"), which is very similar to the one used in i.mx8mq, i.mx8mm, i.mx8mn. Signed-off-by:
Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
-
Jason A. Donenfeld authored
The emit code does optional base conversion itself in assembly, so we don't need to do that here. Also, neither one of these functions uses simd instructions, so checking for that doesn't make sense either. Signed-off-by:
-
Colin Ian King authored
There is a spelling mistake in an error message. Fix it. Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Jason A. Donenfeld authored
When this was originally ported, the 12-byte nonce vectors were left out to keep things simple. I agree that we don't need nor want a library interface for 12-byte nonces. But these test vectors were specially crafted to look at issues in the underlying primitives and related interactions. Therefore, we actually want to keep around all of the test vectors, and simply have a helper function to test them with. Secondly, the sglist-based chunking code in the library interface is rather complicated, so this adds a developer-only test for ensuring that all the book keeping is correct, across a wide array of possibilities. Signed-off-by:
-
Jason A. Donenfeld authored
Admist the kbuild robot induced changes, the .gitignore file for the generated file wasn't updated with the non-clashing filename. This commit adjusts that. Signed-off-by:
-
Colin Ian King authored
Currently the memory allocation failure checks on drv_data and amdtee are using IS_ERR rather than checking for a null pointer. Fix these checks to use the conventional null pointer check. Addresses-Coverity: ("Dereference null return") Fixes: 757cc3e9 ("tee: add AMD-TEE driver") Signed-off-by: -
Gilad Ben-Yossef authored
These inline versions of PM function for the case of CONFIG_PM is not set are never used. Erase them. Signed-off-by:
Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by:
-
Gilad Ben-Yossef authored
cc_pm_put_suspend() return value was never checked and is not useful. Turn it into a void functions. Signed-off-by:
-
Gilad Ben-Yossef authored
We were using the irq field of the drvdata struct in an overloaded fahsion - saving the IRQ number during init and then storing the pending itnerrupt sources during interrupt in the same field. This worked because these usage are mutually exclusive but are confusing. So simplify the code and change the init use case to use a simple local variable. Signed-off-by:
-
Gilad Ben-Yossef authored
The PM code was racy, possibly causing the driver to submit requests to a powered down device. Fix the race and while at it simplify the PM code. Signed-off-by:
-
Ofir Drang authored
In FDE mode (xts, essiv and bitlocker) the cryptocell hardware requires that the the XEX key will be loaded after Key1. Signed-off-by:
Ofir Drang <ofir.drang@arm.com> Cc: stable@vger.kernel.org Signed-off-by:
-
Gilad Ben-Yossef authored
cc_do_send_request() cannot fail and always returns -EINPROGRESS. Turn it into a void function and simplify code. Signed-off-by:
-
Gilad Ben-Yossef authored
pm_runtime_get_sync() can return 1 as a valid (none error) return code. Treat it as such. Signed-off-by:
-
Gilad Ben-Yossef authored
We have several loud error log messages that are already reported via the normal return code mechanism and produce a lot of noise when the new testmgr extra test are enabled. Turn these into debug only messages Signed-off-by:
-
Gilad Ben-Yossef authored
On AEAD decryption authentication failure we are suppose to zero out the output plaintext buffer. However, we've missed skipping the optional associated data that may prefix the ciphertext. This commit fixes this issue. Signed-off-by:
-
Hadar Gat authored
Fixed a typo in a commnet. Signed-off-by:
Hadar Gat <hadar.gat@arm.com> Signed-off-by:
-
Hadar Gat authored
Fixed typos in ccree error msgs. Signed-off-by:
-
Tudor Ambarus authored
These drivers no longer need it as they are only probed via DT. crypto_platform_data was allocated but unused, so remove it. This is a follow up for: commit 45a536e3 ("crypto: atmel-tdes - Retire dma_request_slave_channel_compat()") commit db28512f ("crypto: atmel-sha - Retire dma_request_slave_channel_compat()") commit 62f72cbd ("crypto: atmel-aes - Retire dma_request_slave_channel_compat()") Signed-off-by:
Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by:
-
Kees Cook authored
In order to avoid CFI function prototype mismatches, this removes the casts on assembly implementations of sha1/256/512 accelerators. The safety checks from BUILD_BUG_ON() remain. Additionally, this renames various arguments for clarity, as suggested by Eric Biggers. Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
-
Vinay Kumar Yadav authored
Do not return error when max stid reached, to Fallback to nic mode. Signed-off-by:
Vinay Kumar Yadav <vinay.yadav@chelsio.com> Signed-off-by:
-
Vinay Kumar Yadav authored
corrected function call context and moved t4_defer_reply to apropriate location. Signed-off-by:
-
Horia Geantă authored
Fixes: 8d818c10 ("crypto: caam/qi2 - add DPAA2-CAAM driver") Signed-off-by:
-
- 16 Jan, 2020 12 commits
-
-
Geert Uytterhoeven authored
"AEAD" is capitalized everywhere else. Use "an" when followed by a written or spoken vowel. Fixes: be1eb7f7 ("crypto: essiv - create wrapper template for ESSIV generation") Signed-off-by:
Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by:
-
Zaibo Xu authored
This branch prediction macro on the hot path can improve small performance(about 2%) according to the test. Signed-off-by:
Zaibo Xu <xuzaibo@huawei.com> Signed-off-by:
-
Zaibo Xu authored
Reorder the input parameters of hpre_crt_para_get to make it cleaner. Signed-off-by:
-
Zaibo Xu authored
1.Use memzero_explicit to clear key; 2.Fix some little endian writings; 3.Fix some other bugs and stuff of code style; Signed-off-by:
-
Zaibo Xu authored
1.Fixed the bug of software tfm leakage. 2.Update HW error log message. Signed-off-by:
-
Zaibo Xu authored
authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)), and authenc(hmac(sha512),cbc(aes)) support are added for SEC v2. Signed-off-by:
-
Zaibo Xu authored
1.Define base initiation of QP for context which can be reused. 2.Define cipher initiation for other algorithms. Signed-off-by:
-
Zaibo Xu authored
After adding branch prediction for skcipher hot path, a little bit income of performance is gotten. Signed-off-by:
-
Zaibo Xu authored
Add error type parameter for call back checking inside. Signed-off-by:
-
Zaibo Xu authored
1.Adjust call back function. 2.Adjust parameter checking function. Signed-off-by:
-
Zaibo Xu authored
1.Put resource including request and resource list into QP context structure to avoid allocate memory repeatedly. 2.Add max context queue number to void kcalloc large memory for QP context. 3.Remove the resource allocation operation. 4.Redefine resource allocation APIs to be shared by other algorithms. 5.Move resource allocation and free inner functions out of operations 'struct sec_req_op', and they are called directly. Signed-off-by:
-
Zaibo Xu authored
1.Adjust dma map function to be reused by AEAD algorithms; 2.Update some names of internal functions and variables to support AEAD algorithms; 3.Rename 'sec_skcipher_exit' as 'sec_skcipher_uninit'; 4.Rename 'sec_get/put_queue_id' as 'sec_alloc/free_queue_id'; Signed-off-by:
-
